Analyzing...

File Name: a1.exe

SHA1: b66cf3fa6c873abd76c56fd02210999c95935a1b

MD5: 1f96c54c09c09d861f037f2a8566eb7e

First Seen Date: 2017-01-11 18:17:39.226369 ( 2017-01-11 18:17:39.226369 )

Number of Clients Seen: 4

Last Analysis Date: 2017-01-11 18:17:39.226369 ( 2017-01-11 18:17:39.226369 )

Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.

Analysis Summary

Analysis Type	Date	Verdict
Signature Based Detection	2019-12-26 03:09:17.639002	Malware
Static Analysis Overall Verdict	2017-01-11 18:17:39.226369	Highly Suspicious
Dynamic Analysis Overall Verdict	2017-01-11 18:17:39.226369	Highly Suspicious

Static Analysis

Static Analysis Overall Verdict	Result
Highly Suspicious

Detector	Result
Optional Header LoaderFlags field is valued illegal	Clean
Non-ascii or empty section names detected	Clean
Illegal size of optional Header	Clean
Packer detection on signature database	Unknown
Based on the sections entropy check! file is possibly packed	Suspicious
Timestamp value suspicious	Clean
Header Checksum is zero!	Clean
Enrty point is outside the 1st(.code) section! Binary is possibly packed	Clean
Optional Header NumberOfRvaAndSizes field is valued illegal	Clean
Anti-vm present	Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger	Clean
TLS callback functions array detected	Clean

Dynamic Analysis

Dynamic Analysis Overall Verdict	Result
Highly Suspicious

Suspicious Behaviors
Has no visible windows

Behavioral Information

QueryFilePath

C:\a1.exe

OpenService

CreateFile

\\.\Nsi

\\Servc\pipe\svcctl

LoadLibrary

imm32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

WINTRUST.dll

CreateMutex

<NULL>

Precise Detectors Analysis Results

No Detector Result Received

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property	Value

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5

PE Imports

PE Exports

PE Resources

Loading...